14 * in 64bit mode we use 5 limbs each 51 bits long
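/* Number of limbs in a field element on the 64-bit path. */
#define FLD_LIMB_NUM 5
/* Width in bits of each limb on the 64-bit path. */
#define FLD_LIMB_BITS 51
/*
 * Mask selecting the low FLD_LIMB_BITS bits of a limb.
 *
 * The constant is built from INT64_C(1) rather than 1L: long is only
 * 32 bits wide on some 64-bit targets (LLP64 data model), and shifting
 * a 32-bit value by 51 is undefined behaviour.  Where long is 64 bits
 * wide the resulting value is unchanged.
 */
#define FLD_LIMB_MASK ((INT64_C(1) << FLD_LIMB_BITS)-1)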
25 * in 32bit mode fld_t consists of 10 limbs alternating in size
26 * between 26 and 25 bits.
27 * this approach is inspired by djb's curve25519-paper, where it
28 * is explained in more detail.
/* Number of limbs in a field element on the 32-bit path. */
31 #define FLD_LIMB_NUM 10
33 /* macros for alternating limb sizes: use with d=1,0,1,0,... */
/* FLD_LIMB_BITS(d) evaluates to 26 for d=1 and to 25 for d=0. */
34 #define FLD_LIMB_BITS(d) (25+(d))
/*
 * FLD_LIMB_MASK(d) has the low FLD_LIMB_BITS(d) bits set.  The shift is
 * done on a plain int, so d must stay within {0, 1} as described above.
 */
35 #define FLD_LIMB_MASK(d) ((1 << FLD_LIMB_BITS(d))-1)
41 * fld_t is our datatype for all operations modulo 2^255-19.
43 * since we typedef an array here, all parameters of type fld_t have
44 * call-by-reference semantics!
/*
 * A field element is an array of FLD_LIMB_NUM limbs.  As a function
 * parameter an fld_t decays to a pointer to limb_t, so the callee works on
 * the caller's limbs, and sizeof applied to such a parameter yields the
 * size of a pointer, not of the array.  Take care with sizeof-based
 * memcpy/memset (e.g. when wiping secret values) inside functions that
 * receive an fld_t argument.
 */
47 typedef limb_t fld_t[FLD_LIMB_NUM];
/*
 * Read-only field constants; they are only declared here, the definitions
 * are not part of this listing.
 * NOTE(review): the names suggest the curve parameter d, 2*d, -2*d and a
 * further constant j -- confirm the values against their definitions.
 */
54 extern const fld_t con_d;
55 extern const fld_t con_2d;
56 extern const fld_t con_m2d;
57 extern const fld_t con_j;
61 * prototypes for 32bit/64bit specific functions
/*
 * Result parameters (dst/res) come first; inputs are const-qualified.
 * NOTE(review): whether dst/res may alias an input is not visible from
 * these prototypes -- confirm in the implementations.
 */
63 void fld_reduce(fld_t dst, const fld_t x);
/*
 * Conversion between a byte array and fld_t.  The [32] in the parameter
 * declaration is not enforced by the compiler; presumably all 32 bytes are
 * read or written, so callers must pass buffers of at least that size.
 */
64 void fld_import(fld_t dst, const uint8_t src[32]);
65 void fld_export(uint8_t dst[32], const fld_t src);
/* Product of two field elements / of a field element and a single limb. */
66 void fld_mul(fld_t res, const fld_t a, const fld_t b);
67 void fld_scale(fld_t dst, const fld_t src, limb_t x);
/* NOTE(review): presumably the square of a -- confirm. */
68 void fld_sq(fld_t res, const fld_t a);
72 * prototypes for common code
/*
 * Compares two field elements and returns an int.
 * NOTE(review): the return convention and whether the comparison runs in
 * constant time are not visible here -- confirm before using it on
 * secret-dependent values.
 */
74 int fld_eq(const fld_t a, const fld_t b);
/* NOTE(review): presumably the multiplicative inverse of z -- confirm. */
75 void fld_inv(fld_t res, const fld_t z);
/*
 * NOTE(review): the name suggests z raised to the power 2^252-3 -- confirm
 * against the implementation.
 */
76 void fld_pow2523(fld_t res, const fld_t z);
81 * simple inline functions
85 fld_set0(fld_t res, limb_t x0)
89 for (i = 1; i < FLD_LIMB_NUM; i++)
95 fld_add(fld_t res, const fld_t a, const fld_t b)
98 for (i = 0; i < FLD_LIMB_NUM; i++)
103 fld_sub(fld_t res, const fld_t a, const fld_t b)
106 for (i = 0; i < FLD_LIMB_NUM; i++)
107 res[i] = a[i] - b[i];
111 * fld_tinyscale scales an element a without reducing it. this could
112 * be used to conditionally change the sign of an element.
115 fld_tinyscale(fld_t res, const fld_t a, limb_t x)
118 for (i = 0; i < FLD_LIMB_NUM; i++)
123 * fld_scale2 is a special case of fld_tinyscale with x = 2.
126 fld_scale2(fld_t res, const fld_t a)
129 for (i = 0; i < FLD_LIMB_NUM; i++)
134 * fld_neg is a special case of fld_tinyscale with x = -1.
137 fld_neg(fld_t res, const fld_t a)
140 for (i = 0; i < FLD_LIMB_NUM; i++)